
2017-08-24 DRAFT MEETING NOTES

Attendees

Andrew Hughes

Mark Hapner

Scott Shorter

Aakash Yadav

Denny Prvu

Jenn Behrens

Colin Wallis

David Temoshok

Richard Wilsher

Nathan Faut

Ruth Puente 

Key discussion items

  • Aakash commented on the Excel sheet he sent to the mailing list, which is a NIST breakdown of the normative sections of A, B and C and can be used to further break down the guidelines into individual Shall and Should statements.

Document shared by Aakash NIST 800-63 breakdown.xlsx

  • Andrew commented that he converted the NIST markup files that are available on GitHub to DocBook format (an XML-based document structure), which has the features we need. He plans to include structural elements in the 63B doc. With this tool we can tag up the text and publish it in whatever presentation format we would like, HTML, etc. It creates a master document, so we can do it in chapters.
  • Richard said that what Andrew showed gives us the potential to manage our re-expression of NIST requirements in a more convenient, readable form. He asked Andrew to take the document, turn it back into Word and produce a line-numbered version for reviewers to look at. Andrew clarified that the version was taken directly from GitHub, from the NIST markup files, and was not taken from Word format.

  • Richard added that this is a development tool in which we can put simple statements for CSPs and Assessors, which they have to meet or determine have been met. He questioned why we want to keep the NIST text if we want to derive a set of criteria of our own. We can retain the relationship with the original text, but we should focus on creating criteria.
  • Richard commented that, on behalf of ID.me, he offers to take the editorship role in the subgroup work of producing the KI criteria for IAL 2 and AAL2 of 63A and 63B. He explained that the CSPs interested in 800-63-3 will be considering those functions and assurance levels into the medium term, and if others want AL1 and AL3 there will be a proofing path to do it. He encouraged the group to move forward by taking the NIST text and producing applicable criteria from it.

Thursday next week. Close to produce some errata for 63-3, give him input by Thu next week.  

 

MH Glossary of the tagging strategy

 

63A criteria AAL AL2. Have been to determine my client conformity have a number into discrete statements. Re-expression of the NIST requirements and better structure it. Better structured. Including a tagging mechanism.

You could be able to contribute that in a KI friendly form before next call.

 

MH requirement of CSP and RP. RW is more difficult to justify an assessment process for an RP.

 

Consent requirements are primarily RP requirements, we are not.

 

Privacy policy CSP. Consent how your info will be used.

 

What will be able to do by next week. 31 Minutes
